<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Generates a CSR</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-get-subject.html">openssl_csr_get_subject</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.openssl-csr-sign.html">openssl_csr_sign</a></div>
 <div class="up"><a href="ref.openssl.html">OpenSSL 函数</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.openssl-csr-new" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">openssl_csr_new</h1>
  <p class="verinfo">(PHP 4 &gt;= 4.2.0, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_csr_new</span> &mdash; <span class="dc-title">Generates a CSR</span></p>

 </div>
 
 <div class="refsect1 description" id="refsect1-function.openssl-csr-new-description">
  <h3 class="title">说明</h3>
  <div class="methodsynopsis dc-description">
   <span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <span class="methodname"><strong>openssl_csr_new</strong></span>
    ( <span class="methodparam"><span class="type">array</span> <code class="parameter">$dn</code></span>
   , <span class="methodparam"><span class="type">resource</span> <code class="parameter reference">&$privkey</code></span>
   [, <span class="methodparam"><span class="type">array</span> <code class="parameter">$configargs</code></span>
   [, <span class="methodparam"><span class="type">array</span> <code class="parameter">$extraattribs</code></span>
  ]] )</div>

  <p class="para rdfs-comment">
   <span class="function"><strong>openssl_csr_new()</strong></span> generates a new CSR (Certificate Signing Request)
   based on the information provided by <em><code class="parameter">dn</code></em>, which represents the
   Distinguished Name to be used in the certificate.
  </p>
  <blockquote class="note"><p><strong class="note">Note</strong>: 
<span class="simpara">
 必须安装有效的 <var class="filename">openssl.cnf</var> 以保证此函数正确运行。参考有关<a href="openssl.installation.html" class="link">安装</a>的说明以获得更多信息。
</span>
</p></blockquote>
 </div>


 <div class="refsect1 parameters" id="refsect1-function.openssl-csr-new-parameters">
  <h3 class="title">参数</h3>
  <p class="para">
   <dl>

    
     <dt>
<em><code class="parameter">dn</code></em></dt>

     <dd>

      <p class="para">
       The Distinguished Name to be used in the certificate.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">privkey</code></em></dt>

     <dd>

      <p class="para">
       <em><code class="parameter">privkey</code></em> should be set to a private key that was
       previously generated by <span class="function"><a href="function.openssl-pkey-new.html" class="function">openssl_pkey_new()</a></span> (or
       otherwise obtained from the other openssl_pkey family of functions).
       The corresponding public portion of the key will be used to sign the
       CSR.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">configargs</code></em></dt>

     <dd>

      <p class="para">
       By default, the information in your system <em>openssl.conf</em>
       is used to initialize the request; you can specify a configuration file
       section by setting the <em>config_section_section</em> key of
       <em><code class="parameter">configargs</code></em>.  You can also specify an alternative
       openssl configuration file by setting the value of the
       <em>config</em> key to the path of the file you want to use.
       The following keys, if present in <em><code class="parameter">configargs</code></em>
       behave as their equivalents in the <em>openssl.conf</em>, as
       listed in the table below.
       <table class="doctable table">
        <caption><strong>Configuration overrides</strong></caption>
        
         <thead>
          <tr>
           <th><em><code class="parameter">configargs</code></em> key</th>
           <th>type</th>
           <th><em>openssl.conf</em> equivalent</th>
           <th>description</th>
          </tr>

         </thead>

         <tbody class="tbody">
          <tr>
           <td>digest_alg</td>
           <td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
           <td>default_md</td>
           <td>Selects which digest method to use</td>
          </tr>

          <tr>
           <td>x509_extensions</td>
           <td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
           <td>x509_extensions</td>
           <td>Selects which extensions should be used when creating an x509
           certificate</td>
          </tr>

          <tr>
           <td>req_extensions</td>
           <td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
           <td>req_extensions</td>
           <td>Selects which extensions should be used when creating a CSR</td>
          </tr>

          <tr>
           <td>private_key_bits</td>
           <td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td>
           <td>default_bits</td>
           <td>Specifies how many bits should be used to generate a private
            key</td>
          </tr>

          <tr>
           <td>private_key_type</td>
           <td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td>
           <td>none</td>
           <td>Specifies the type of private key to create.  This can be one
            of <strong><code>OPENSSL_KEYTYPE_DSA</code></strong>,
            <strong><code>OPENSSL_KEYTYPE_DH</code></strong> or
            <strong><code>OPENSSL_KEYTYPE_RSA</code></strong>.
            The default value is <strong><code>OPENSSL_KEYTYPE_RSA</code></strong> which
            is currently the only supported key type.
           </td>
          </tr>

          <tr>
           <td>encrypt_key</td>
           <td><span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span></td>
           <td>encrypt_key</td>
           <td>Should an exported key (with passphrase) be encrypted?</td>
          </tr>

          <tr>
           <td>encrypt_key_cipher</td>
           <td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td>
           <td>none</td>
           <td>
            One of <a href="openssl.ciphers.html" class="link">cipher constants</a>.
           </td>
          </tr>

         </tbody>
        
       </table>

      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">extraattribs</code></em></dt>

     <dd>

      <p class="para">
       <em><code class="parameter">extraattribs</code></em> is used to specify additional
       configuration options for the CSR.  Both <em><code class="parameter">dn</code></em> and
       <em><code class="parameter">extraattribs</code></em> are associative arrays whose keys are
       converted to OIDs and applied to the relevant part of the request.
      </p>
     </dd>

    
   </dl>

  </p>
 </div>


 <div class="refsect1 returnvalues" id="refsect1-function.openssl-csr-new-returnvalues">
  <h3 class="title">返回值</h3>
  <p class="para">
   Returns the CSR.
  </p>
 </div>


 <div class="refsect1 examples" id="refsect1-function.openssl-csr-new-examples">
  <h3 class="title">范例</h3>
  <p class="para">
   <div class="example" id="example-833">
    <p><strong>Example #1 Creating a self-signed-certificate</strong></p>
    <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;Fill&nbsp;in&nbsp;data&nbsp;for&nbsp;the&nbsp;distinguished&nbsp;name&nbsp;to&nbsp;be&nbsp;used&nbsp;in&nbsp;the&nbsp;cert<br />//&nbsp;You&nbsp;must&nbsp;change&nbsp;the&nbsp;values&nbsp;of&nbsp;these&nbsp;keys&nbsp;to&nbsp;match&nbsp;your&nbsp;name&nbsp;and<br />//&nbsp;company,&nbsp;or&nbsp;more&nbsp;precisely,&nbsp;the&nbsp;name&nbsp;and&nbsp;company&nbsp;of&nbsp;the&nbsp;person/site<br />//&nbsp;that&nbsp;you&nbsp;are&nbsp;generating&nbsp;the&nbsp;certificate&nbsp;for.<br />//&nbsp;For&nbsp;SSL&nbsp;certificates,&nbsp;the&nbsp;commonName&nbsp;is&nbsp;usually&nbsp;the&nbsp;domain&nbsp;name&nbsp;of<br />//&nbsp;that&nbsp;will&nbsp;be&nbsp;using&nbsp;the&nbsp;certificate,&nbsp;but&nbsp;for&nbsp;S/MIME&nbsp;certificates,<br />//&nbsp;the&nbsp;commonName&nbsp;will&nbsp;be&nbsp;the&nbsp;name&nbsp;of&nbsp;the&nbsp;individual&nbsp;who&nbsp;will&nbsp;use&nbsp;the<br />//&nbsp;certificate.<br /></span><span style="color: #0000BB">$dn&nbsp;</span><span style="color: #007700">=&nbsp;array(<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"countryName"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"UK"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"stateOrProvinceName"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"Somerset"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"localityName"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"Glastonbury"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"organizationName"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"The&nbsp;Brain&nbsp;Room&nbsp;Limited"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"organizationalUnitName"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"PHP&nbsp;Documentation&nbsp;Team"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"commonName"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"Wez&nbsp;Furlong"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #DD0000">"emailAddress"&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #DD0000">"wez@example.com"<br /></span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;Generate&nbsp;a&nbsp;new&nbsp;private&nbsp;(and&nbsp;public)&nbsp;key&nbsp;pair<br /></span><span style="color: #0000BB">$privkey&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_pkey_new</span><span style="color: #007700">();<br /><br /></span><span style="color: #FF8000">//&nbsp;Generate&nbsp;a&nbsp;certificate&nbsp;signing&nbsp;request<br /></span><span style="color: #0000BB">$csr&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_csr_new</span><span style="color: #007700">(</span><span style="color: #0000BB">$dn</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;You&nbsp;will&nbsp;usually&nbsp;want&nbsp;to&nbsp;create&nbsp;a&nbsp;self-signed&nbsp;certificate&nbsp;at&nbsp;this<br />//&nbsp;point&nbsp;until&nbsp;your&nbsp;CA&nbsp;fulfills&nbsp;your&nbsp;request.<br />//&nbsp;This&nbsp;creates&nbsp;a&nbsp;self-signed&nbsp;cert&nbsp;that&nbsp;is&nbsp;valid&nbsp;for&nbsp;365&nbsp;days<br /></span><span style="color: #0000BB">$sscert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">null</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">365</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;Now&nbsp;you&nbsp;will&nbsp;want&nbsp;to&nbsp;preserve&nbsp;your&nbsp;private&nbsp;key,&nbsp;CSR&nbsp;and&nbsp;self-signed<br />//&nbsp;cert&nbsp;so&nbsp;that&nbsp;they&nbsp;can&nbsp;be&nbsp;installed&nbsp;into&nbsp;your&nbsp;web&nbsp;server,&nbsp;mail&nbsp;server<br />//&nbsp;or&nbsp;mail&nbsp;client&nbsp;(depending&nbsp;on&nbsp;the&nbsp;intended&nbsp;use&nbsp;of&nbsp;the&nbsp;certificate).<br />//&nbsp;This&nbsp;example&nbsp;shows&nbsp;how&nbsp;to&nbsp;get&nbsp;those&nbsp;things&nbsp;into&nbsp;variables,&nbsp;but&nbsp;you<br />//&nbsp;can&nbsp;also&nbsp;store&nbsp;them&nbsp;directly&nbsp;into&nbsp;files.<br />//&nbsp;Typically,&nbsp;you&nbsp;will&nbsp;send&nbsp;the&nbsp;CSR&nbsp;on&nbsp;to&nbsp;your&nbsp;CA&nbsp;who&nbsp;will&nbsp;then&nbsp;issue<br />//&nbsp;you&nbsp;with&nbsp;the&nbsp;"real"&nbsp;certificate.<br /></span><span style="color: #0000BB">openssl_csr_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$csrout</span><span style="color: #007700">)&nbsp;and&nbsp;</span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrout</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$sscert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">)&nbsp;and&nbsp;</span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_pkey_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$pkeyout</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"mypassword"</span><span style="color: #007700">)&nbsp;and&nbsp;</span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$pkeyout</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;Show&nbsp;any&nbsp;errors&nbsp;that&nbsp;occurred&nbsp;here<br /></span><span style="color: #007700">while&nbsp;((</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">())&nbsp;!==&nbsp;</span><span style="color: #0000BB">false</span><span style="color: #007700">)&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>

   </div>
  </p>
 </div>


</div><hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-get-subject.html">openssl_csr_get_subject</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.openssl-csr-sign.html">openssl_csr_sign</a></div>
 <div class="up"><a href="ref.openssl.html">OpenSSL 函数</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
